Security problems help

Discussion in 'General' started by martocci, Oct 11, 2010.

  1. martocci

    martocci New Member

    we have some security problems with our server /tmp directory, where some websites write temporary files. Some hackers manage to upload malicious scripts into that folder, thus executing them (most of the times they are perl based mailer scripts).
    Do you think we can restrict permissions on the /tmp folder which now is drwxrwxrwt?

    Thank you for your help.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The common solution to avoid this problem is to have a separate partition for /tmp and then mount this partition with noexec permission. Additionally you should make sure that you enable suexec in all websites to ensure that all cgi processes for every website have their own users.

Share This Page